<?php

/**
* Controller:  "Login"
*
* This controller loads the "Login" page, which allows users to enter their
* login credentials to access the secure section.  Users can only access the
* secure section with a valid username AND password.
*
* Functions:  index
*
* @author     Brandon A Johnson
* @copyright  LIS4368-01: "Web Development with PHP," Spring 2010
* @version    1.0
* @date       April 24, 2010
*
*/

class Login extends Controller {

	/**
	* Login() - constructor
	*
	* allows this file to act as a valid CodeIgniter controller
	*/
	function Login()
	{
		parent::Controller();
	}
	
	/**
	* index()
	*
	* allows the user to enter their adminsitrative login information in order to access
	* the secure section.  If the user has submitted information, it is prepped and validated,
	* then checked against the database to see if it matches an existing user.  If it does,
	* a cookie is created that shows the user is logged-in, and the site is redirected to
	* the secure section.  If the user enters bad information, appropriate error messages are
	* printed and the user is asked to try again.  If nothing has been sent, the controller
	* simply loads the login entry page.
	*/
	function index()
	{
		// destroys the cookie session just in case someone clicks here from the secure section
		$this->load->library('session');
		$this->session->sess_destroy();

		// if data has been sent for login...
		if (isset($_POST['username']))
		{
			// sets the validation rules for the "POST" data
			$this->load->library('form_validation');
			$this->form_validation->set_rules('username', 'Username', 'required|trim|strtolower');
			$this->form_validation->set_rules('password', 'Password', 'required|trim');
			// sends the data for validation
			$result = $this->form_validation->run();

			// if validation was successful...
			if ($result === TRUE)
			{
				// loads the "login" database interaction model
				$this->load->model('login_model');
				// checks the login information against the existing records
				$result = $this->login_model->check_login($_POST['username'], $_POST['password']);

				// if a match is present and the login was successful...
				if ($result === TRUE)
				{
					// add a session cookie and redirect to the secure section
					$this->session->set_userdata(array('is_logged_in' => TRUE));
					header("Location: secure");
				}
				// otherwise...
				else
				{
					echo "Sorry, but there was a problem with your username and password.  Please try again.";

					// redundant cookie destruction to ensure security
					$this->session->sess_destroy();
				}
			}
			//  otherwise...
			else
			{
				echo "No.";

				// redundant cookie destruction to ensure security
				$this->session->sess_destroy();
			}
		}

		// if login failed or nothing happened, load the login page (again)
		$this->load->view('header');
		$this->load->view('login');
	}
}

/* End of file login.php */
/* Location: ./system/application/controllers/login.php */